VPN

24K

Solutions

23K

Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

Running Server 2012 r2.  Static IP set on server - 10.2.8.10.  Establish a VPN connection to the server (no problems).  Start a remote desktop session to the server using the server name - no resolution, no connection.  Start a remote desktop session to the server using 10.2.8.10 works on the first connection but not after that.  Run a tracert to 10.2.8.10 shows 10.2.8.109 as the first hop.  Remote desktop connection to the server using 10.2.8.109 works fine every time.  I look in DHCP and 10.2.8.100 - 10.2.8.109 are assigned to the server with the unique ID of RAS.  Cannot add this IP to reservation because the unique ID is not unique.  Stumped as to what I have misconfigured and what the solution is.
0
We run 2 separate Windows AD domains. ABC.com is internal and where we run dev tec etc, our hosted domain is xyz.com. ABC.com is connected by a site-to-site VPN to xyz.com.
When we deploy new software builds to our web servers, we test to make sure that the build has worked by using the following URLs in our browser: <test1.server1.xyz.com>, <test1.server2.xyz.com>

We normally test this over HTTP, but thought that by having an internal CA within xyz.com we could serve this over HTTPS while still making the internal call to check each site against an individual server.

Internally we have DNS entries that know the internal IP that test1.server1.xyz.com points to over the VPN.

The issue we have is that as xyz.com is an internal domain, our browsers won't allow us access as they are considered non-trusted. We installed an internal CA in xyz.com, but that now means we have to create a new cert for each site we create per server; we have 500+ sites across 8 servers.

The error we receive is as follows:

The owner of site1.server1.xyz.com has configured their web site improperly. To protect your information from being stolen, Firefox has not connected to this web site.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

Any ideas on how to resolve this?
0
We have a client with three sites. All three sites connect to an Azure server; however, one site's LAN-to-LAN connection isn't connecting to Azure.
0
Using Microsoft VPN server\client on Server 2012. The 2012 server is in the cloud. I have set up the VPN server and I'm able to connect to the VPN, I can ping the VPN server, and I can RDP to the server when connected to the VPN, but I cannot access a share on the server. This is a single server (non-domain) solution where remote clients need to access a database on this server. Port 139 is open. The VPN clients get an IP address on the same subnet as the server. When trying to access the share via IP \\999.999.99.99\share I get "Windows cannot access"; it never prompts for a user ID. I have checked share and NTFS rights and the VPN users should have access. I get the same results on a Win10 VPN client and a Win 7 VPN client.
0
Hi,

I have a problem establishing a call session between two sites over a GRE tunnel with IPsec. The tunnel is up but I am unable to set up a call. I think the problem is NAT but I don't know how to fix it. It seems like the traffic is blocked at the beginning of the tunnel.

You can see the configuration files in the attachment.

 

Best Regards,

 

Aristide
0
I am installing WatchGuard SSL VPN software, which uses OpenVPN software and has a TAP network driver, but I can't install it unattended. Does anybody know how to install OpenVPN unattended, including the TAP-Windows adapter?
0
Hey all, we are getting rid of our on premise DC which has our file server on it as well and move to the cloud completely....the question is how to handle our file server in the cloud.  

I see two options:

1) Use azure files....I know it doesn't have Azure AD integration yet but I am ok with that since you can still do some sort of permissioning.  But is there a way to deploy the mapped drive automatically to Azure AD and/or Intune users?

2) Use a Server 216 server in the cloud and put the file server on it....the problem is that I think it has to be joined to Azure AD-DS...and go over a site2site vpn which would be pretty slow.

Another question that I have is…if we implement Azure AD-DS….and join an Azure VM to Azure AD-DS, does that make Azure AD useless and unusable?

Do we need a site-2-site VPN tunnel between Azure and our offices to use Azure AD-DS?

How would our client desktops/users in the office access the Azure VM and authenticate if Azure AD-DS? Do we have to join the local client machines to Azure AD-DS or will our Azure AD accounts (tied to our O365 accounts) still work?
0
I am working on a Debian system at a sister company, and have a VPN set up between the 2 sites. I am able to Remote Desktop onto any of their other servers, but not their Debian server. I am able to access the IP address for the Debian system through a browser on any of their network boxes, but cannot access it from outside.

The only way I'm able to access the Debian box is to RDP onto any other server within their system, and then RDP from there to the Debian system. Doing it this way, though, prevents me from sending files, as I am unable to SSH or PFTP to the Debian box from my VMware testing system's Command Terminal, which I have been using throughout previously.

In the past I found a command that was entered into the Debian terminal through RDP that opened up a port on the box and since then enabled access, but following a recent server reboot, the connection has once again been lost.

Is there a command that will sort this problem when entered into the Command Terminal of the Debian box whilst RDP'd onto it?
0
What is the process to connect an iPhone X to a remote Windows network using the Always On VPN?
0
What is the process to connect a Mac OS X laptop to a remote Windows network using the Always On VPN?
0
I would like someone to explain to me in simplistic terms what a "VPN" is. Do I need it, and if so, what is the easiest app and method to set up, and is it free?
0
I have established two VPN connections in AWS from an environment to a third party Cisco VPN firewall.  Everything is set up as it should be, but we are unable to bring the tunnel up.

In a nutshell, we have established two independent VPN connections, with each one going to a different datacentre.  The configuration has been supplied to the 3rd party agency who are managing an external service that connects through the tunnel to another agency.  The two tunnels are set up as Active and DR tunnels, but will carry the same traffic. in the event of failure, and then our traffic is NATted twice to reach the destination.

We have tried a number of things but still unable to get the tunnels up from either main or DR datacentre firewalls.

The problem seems to lie in the tunnel configuration; apparently there is an issue with using SLA monitors to keep the tunnel up from the Cisco side; obviously without this the VPN connection will drop.  The information I have seen seems to imply we need to setup a "route all" tunnel at the customer side and then employ static routes to get the right traffic down the tunnel to the firewall - which will cause major issues as our VPC supernet overlaps their networks; also we only want to allow 3 machines on two subnets through the tunnel.

Our other problem is how the VPN failover will work for the DR tunnel.  They are monitoring and will automatically fail over to the secondary VPN tunnel should an issue occur with the primary datacentre …
0
Hi guys

As part of the last question I asked about firewall rules, I am looking at our firewall right now and monitoring the traffic. I'm looking at the traffic between VPN connections from our stores to a main server. These stores are all using the same application to communicate with the server. However, I'm looking at the server and it is receiving connections from our various stores, but every single store is communicating via a different port. So one store will be coming through port 4274. The other one will send it via port 4288. My point is, are applications specifically written in this way to prevent security breaches from happening by constantly randomising their port sequences so that they can't be 'guessed' by a malicious attacker?

And if that is the case, surely going back to the answers being given previously, this does warrant the ability for the 'ANY' ports to be open from site A to site B via VPN.

Thank you
Yash
0
Hello everyone,

I've been trying to set up a VPN between Windows Server 2016 and a Mac OS X client.

The connection gets established but I can not access the resources.
The internet connection is also gone. What I really wanted to do is split vpn.

This is the configuration on the Server:
#################################################
#################################################
#listen on IPv4
local 10.0.60.51
 
#the default port is 1194
port 1194
 
#UDP protocol chosen for better protection against DoS attacks and port scanning
proto udp
 
#using routed IP tunnel
dev tun
 
# ----------------------------------------------
# Certificates
# ----------------------------------------------
 
dh ..//server-keys//dh4096.pem
ca ..//server-keys//ca.crt
cert ..//server-keys//lexp-svr-101.crt
key ..//server-keys//lexp-svr-101.key
 
# ----------------------------------------------
# Server-Setup
# ----------------------------------------------
 
#set OpenVPN subnet
server 10.64.60.0 255.255.255.0
 
#maintain a record of client-to-virtual-IP-address
ifconfig-pool-persist ipp.txt
 
#cryptographic cipher, must be the same (copied) on the client config file as well
#cipher AES-256-CBC
 
client-to-client
 
# ----------------------------------------------
# Client settings (incl. special dir) files
# ----------------------------------------------
 
#client-config-dir "C:\Program Files\OpenVPN\ccd"
push "route 10.0.60.0 255.255.255.0"
 
 
# 

0
We have a LAN setup in our office with a 2012 server - the IP range is 192.168.1.1-255.
My director uses VPN to dial in to the server from home to get access to files and folders that are on the server. The PPTP server will give him an IP address in the same range. This part works well.
The problem comes when he wants to print to his home printer (which is on a LAN, not USB). Items sent from home to the office printer run off fine but as the IP range is the same (192.168.1.1-255) the home printer will not print it - I think this is the case until he disconnects the VPN which is not very practical.

I see PPTP is very obsolete - so perhaps I need to implement a new VPN system on this MS 2012 server?

Any advice on the setup would be appreciated.
Thanks,
Jack
0
I have a WatchGuard M270. The customer has a hosted server they connect to via IPsec. What policy could I enable to allow the IPsec VPN outbound?
0
On my W7 I have a problem connecting through Cisco AnyConnect ver 4.4 VPN and my IE11.

When I first tried to log in to AnyConnect it goes through; then I go to my Remote Desktop connection to connect to the site and I am stuck: IE is not showing the login screen, and I am getting a white screen and an error that it is not able to connect.

When I turn off AnyConnect my IE11 is working.
Any idea how to solve this?
0
While I am connected to my organization's internal network using the Always on VPN connection (while outside of the office) I am able to successfully browse network shares on the Hyper-V base server and virtual servers using the \\hostname\C$ convention but can't browse these same network shares using the  \\internal IP address\C$ convention.

The internal IP address scheme used by my organization is unique and isn't widely used among other networks, 10.88.188.x (or by the networks I am connected to while establishing the Always On VPN connection).

I am also able to successfully browse these same C$ network shares while within my organization's internal network and connected using Wi-Fi or an Ethernet cable.

What can I do to fix this issue so I will be able to connect to and browse my organization's server's C$ shares using their IP addresses while outside of the office and connected to my organization's internal network using the Always On VPN connection?
0
While connecting to my organization's Always on VPN using my Windows 10 computer I am prompted to choose between two certificates.

I know which certificate to choose and which one won't work.

How can I remove the wrong certificate so that I will no longer be prompted to choose a certificate while connecting to my organization's Always on VPN?
0
Cisco ASA 5510 and Cisco 2921
Currently we have a Cisco 2921 ISR that we connect directly to the internet. We have a 16 block of IPs routed to internal servers, use AnyConnect to VPN into the office, and have an office-to-office VPN with a remote office. We use ACLs to manage all the traffic. This is then connected to a 6509 and we have 4 VLANs.
The throughput on the 2921 seems really slow for our remote users.

I'm looking into an ASA 5510 to replace the 2921. Is this a good idea, or do I run them in line? I'm looking for better performance on the VPN side. The 2921 is slow.
Or do I look at something else altogether?
0
We have a pfSense setup with the settings below. If we want a customer to have management access to 10.70.0.100 (Networks Accelerator), how would we set it up? There is currently an OpenVPN setup to allow the 172.28.11.0/24 netblock.

LAN: 172.28.4.12
WAN: 172.28.10.254
0
Is it possible to use Cisco AnyConnect VPN client to make VPN connections instead of old Cisco VPN client v5.0.07.0440?
Here is a screenshot of the old VPN client connection settings: [image: Old Cisco VPN connection properties]
If yes, what would the AnyConnect XML profile be?
0
RADIUS VPN fails to connect due to NPS error.

We have a router doing RADIUS passthrough to Server 2012 R2 using NPS.

The policies have been created via a wizard and appear correct.
I have a security group in AD that I am testing with a test account.

When initiating the connection externally it times out and returns the following from the NPS event logs:

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
      Security ID:                  dc.local\testing123
      Account Name:                  dc.local\Testing123
      Account Domain:                  RSCdc.local\Testing123

Client Machine:
      Security ID:                  NULL SID
      Account Name:                  -
      Fully Qualified Account Name:      -
      OS-Version:                  -
      Called Station Identifier:            -
      Calling Station Identifier:            -

NAS:
      NAS IPv4 Address:            192.168.23.5
      NAS IPv6 Address:            -
      NAS Identifier:                  -
      NAS Port-Type:                  -
      NAS Port:                  -

RADIUS Client:
      Client Friendly Name:            draytek vigor 2920
      Client IP Address:                  192.168.23.5

Authentication Details:
      Connection Request Policy Name:      Use Windows authentication for all users
      Network Policy Name:            -
      Authentication Provider:            Windows
      Authentication Server:            dc.local
      Authentication Type:            MS-CHAPv2
      EAP Type:                  -
      Account Session Identifier:            -
      Logging Results:                  Accounting information was written to the local log file.
      Reason Code:                  48
      Reason:                        The connection request did not match any configured network policy.


NPS is …
0
Hi

I am currently attempting to configure an IPSec VPN between a Zyxel USG310 Firewall and Microsoft Azure.

I have configured the connection, and it is showing as up and established as a Policy based VPN as per Zyxel guides. However I have no communication between either subnet.

On-Premise Subnet: 172.30.0.0/16
Azure Site Subnet: 10.50.0.0/16

When I ping to a VM sat within 10.50.0.0 from my local site, I can see stats increasing on the outbound counter on the VPN (albeit only a tiny amount that a PING produces), however PING does not receive a response and no inbound traffic is being seen, so I am somewhat confident my outbound static route on the firewall is correct. I have configured a Policy route on the Zyxel to forward any traffic destined for 10.50.0.0/16 to the VPN Tunnel.

Do I need to set up routing on the Azure side, or will this automatically be put in place by the creation of the Local Network Gateway and Virtual Network Gateway? I am assuming so, as this would define the return route and hence why PING is not currently working, but I am not sure where to start with this.

Any help is appreciated, thanks.

Rich
0
